VulnerableCode Package Details - pkg:maven/io.netty/netty-codec@4.1.2.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-7xma-5zdf-57dd Aliases: CVE-2020-11612 GHSA-mm9x-g8pc-w292	The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.	4.1.46.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tdp2-ve8k-zbds Aliases: CVE-2021-37136 GHSA-grg4-wf29-r9vv	The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack	4.1.68.Final Affected by 0 other vulnerabilities. 4.1.68 Affected by 0 other vulnerabilities.
VCID-yyyg-3z5x-vuay Aliases: CVE-2021-37137 GHSA-9vjp-v76f-g363	The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.	4.1.68.Final Affected by 0 other vulnerabilities. 4.1.68 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7xma-5zdf-57dd
Aliases:
CVE-2020-11612
GHSA-mm9x-g8pc-w292

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

4.1.46.Final
Affected by 2 other vulnerabilities.

VCID-tdp2-ve8k-zbds
Aliases:
CVE-2021-37136
GHSA-grg4-wf29-r9vv

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack

4.1.68.Final
Affected by 0 other vulnerabilities.

4.1.68
Affected by 0 other vulnerabilities.

VCID-yyyg-3z5x-vuay
Aliases:
CVE-2021-37137
GHSA-9vjp-v76f-g363

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

4.1.68.Final
Affected by 0 other vulnerabilities.

4.1.68
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T18:05:48.340026+00:00	GitLab Importer	Affected by	VCID-yyyg-3z5x-vuay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2021-37137.yml	37.0.0
2025-07-03T18:05:46.517914+00:00	GitLab Importer	Affected by	VCID-tdp2-ve8k-zbds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2021-37136.yml	37.0.0
2025-07-03T17:40:26.875259+00:00	GitLab Importer	Affected by	VCID-7xma-5zdf-57dd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec/CVE-2020-11612.yml	37.0.0